Secure the Experience,
Experience Security
Debunking Cyber-Security Myths
Ran Liron
Cyber Security: The Risks
Virus, Malware, Spyware, Ransomware, Identity theft, Worms, Trojan horses, Heartbleed, Golden Ticket, Pass-the-Hash…
Ran Liron
Head of UX at CYBERARK
And also…
UX Program Lead @ The Technion, Continuing Education Division
UX Mentor @ Google Launchpad
Doing UX for more than 20 years
Resources
Data (mainly):
Regular Joe perspective: Michael McIntyre
So… what do the security experts recommend?
Security Experts Recommendations
Google research: 152 Simple Steps to Stay Safe Online: Security Advice for Non-Tech-Savvy Users
231 security experts were asked: “What are the top three pieces of advice you’ll give to a non-tech-savvy user?”
The result: 152 pieces of security advice…
Security Experts Recommendations
Google research: 152 Simple Steps to Stay Safe Online: Security Advice for Non-Tech-Savvy Users
Password matters:
Advice #2: “Use unique passwords”
Advice #3: “Use strong passwords”
Common password requirements
At least:
▪ 8 characters
▪ 1 lowercase letter
▪ 1 uppercase letter
▪ 1 special character (!@#$%^&*)
▪ 1 number (0–9)
Defensive Tools: Password
Common password display method: ********
The problem:
- Requiring a strange, meaningless yet complex string
- The user never sees the password
So… very hard to remember.
So what do users do?
They get… creative
Keystroke strings:
12345678
7777777
666666
password
zxcvbnm
1q2w3e4r
qwerty
Pw123456
…
Keeping it somewhere “safe”
Or simply using the same password
all over the net…

The solution?
- Accept it
- Use password management tools
- Password alternative
Security Questions?
Security Questions: The Assumptions
▪ Only you know your own history
▪ You don’t have to memorize it
▪ Users will answer truthfully
If only we were …
Security Questions: The Experience
Michael McIntyre - Comedy Gala
Security Questions: The Reality
Only you know your own history? Nope.
Security Questions: The Reality
37% admitted to providing fake answers, in an attempt to make them "harder to guess"
40% of our English-speaking US users were unable to recall their answers
Google research – “Secrets, Lies, and Account Recovery: Lessons from the Use of Personal Knowledge Questions at Google”
Security Questions Are Bad, Bad Practice!
What about CAPTCHA?
CAPTCHA: The Experience
Michael McIntyre - Comedy Gala
Last week, I tried to log in to Microsoft’s App-store…
Acceptable alternative
The Experience of Setting a Password
Setting a Password: The Experience
Michael McIntyre - Comedy Gala
Setting a password: Instructing the user
Set Password: *******
Confirm Password:
Need to include an upper-case letter!
Setting a password: Instructing the user
Set Password: *******
Confirm Password:
Need to include at least 8 characters!
Last week, I tried to log in to Microsoft’s App-store…
Don’t torment your users!
All of the password requirements should be displayed together.
Setting a password: Instructing the user
Set Password: *******
Confirm Password: ********

Password criteria:
☐ Start with a letter
☐ Include upper-case letter
☐ Include lower-case letter
☐ Include special character (!@#$...)
☐ Include number
☐ At least 8 characters

Password criteria:
✘ Start with a letter
✘ Include upper-case letter
✘ Include lower-case letter
✘ Include special character (!@#$...)
✘ Include number
✘ At least 8 characters
Nope!

Password criteria:
✘ Start with a letter
✔ Include upper-case letter
✔ Include lower-case letter
✘ Include special character (!@#$...)
✘ Include number
✔ At least 8 characters

Password criteria:
✘ Start with a letter
✔ Include upper-case letter
✔ Include lower-case letter
✔ Include special character (!@#$...)
✔ Include number
✔ At least 8 characters

Password criteria:
✔ Start with a letter
✔ Include upper-case letter
✔ Include lower-case letter
✔ Include special character (!@#$...)
✔ Include number
✔ At least 8 characters
Set Password: ************************
If only there was… a way to create passwords that is both secure and easy to remember, and has almost no requirements…
There is a way!
Try to remember this: ********
Now try this: **********************

There is a way!
Try to remember this: ********
Now try this: I love my fluffy bunny
Why is a passphrase better than a password?
Set Password: ***********************
We recommend using a meaningful phrase. You may use any character, including spaces. Minimum 20 characters total. For example: “I love my fluffy bunny”.
This is nice and simple.
Why is a Passphrase Better Than a Password?
Longer = more secure
Easier to remember = more convenient AND more secure
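The criteria checklist from the "Setting a password" slides and the passphrase policy from the slide above, as an added example (my code, not the deck's or CyberArk's): every criterion is evaluated at once and rendered as the single ✘/✔ list the talk recommends, the passphrase rule is "any character, spaces allowed, 20+ characters", and a brute-force keyspace estimate makes the "longer = more secure" point concrete. The criterion labels, the 20-character minimum and the sample inputs are taken from the slides; the keyspace bound is my own simplification.

```python
"""Password-criteria feedback and passphrase policy (constructed example)."""
import math
import string

SPECIAL = "!@#$%^&*"  # the special characters listed on the requirements slide

# (label, predicate) in the order the slide displays them
CRITERIA = [
    ("Start with a letter", lambda p: bool(p) and p[0].isalpha()),
    ("Include upper-case letter", lambda p: any(c.isupper() for c in p)),
    ("Include lower-case letter", lambda p: any(c.islower() for c in p)),
    ("Include special character (!@#$...)", lambda p: any(c in SPECIAL for c in p)),
    ("Include number", lambda p: any(c.isdigit() for c in p)),
    ("At least 8 characters", lambda p: len(p) >= 8),
]


def check_criteria(password: str) -> dict:
    """Evaluate every criterion at once, so the UI never drip-feeds one rule at a time."""
    return {label: pred(password) for label, pred in CRITERIA}


def render_feedback(password: str) -> str:
    """Produce the checklist the slide shows: all criteria, each marked ✘ or ✔."""
    status = check_criteria(password)
    lines = ["Password criteria:"]
    lines += [f"{'✔' if ok else '✘'} {label}" for label, ok in status.items()]
    return "\n".join(lines)


def meets_all(password: str) -> bool:
    """True only when every criterion on the slide is satisfied."""
    return all(check_criteria(password).values())


PASSPHRASE_MIN_LEN = 20  # "Minimum 20 characters total" from the passphrase slide


def passphrase_ok(phrase: str) -> bool:
    """Passphrase policy from the slide: any character, spaces included,
    at least 20 characters. Surrounding whitespace is not counted (my assumption)."""
    return len(phrase.strip()) >= PASSPHRASE_MIN_LEN


def keyspace_bits(secret: str) -> float:
    """Upper bound on brute-force search space, log2(alphabet ** length), where the
    alphabet is inferred from the character classes actually used. This is a
    ceiling: a dictionary phrase is weaker than the bound suggests, but the bound
    still shows why a 22-character phrase outgrows an 8-character complex string."""
    alphabet = 0
    if any(c.islower() for c in secret):
        alphabet += 26
    if any(c.isupper() for c in secret):
        alphabet += 26
    if any(c.isdigit() for c in secret):
        alphabet += 10
    if any(c in string.punctuation for c in secret):
        alphabet += len(string.punctuation)
    if any(c.isspace() for c in secret):
        alphabet += 1
    return len(secret) * math.log2(alphabet) if alphabet else 0.0


if __name__ == "__main__":
    # "Pw123456" is from the slide's list of what users actually type
    for attempt in ["pw", "Password", "Password!1", "Pw123456"]:
        print(render_feedback(attempt), "\n")
    phrase = "I love my fluffy bunny"  # the slide's example passphrase
    print("passphrase ok:", passphrase_ok(phrase))
    print("8-char complex:", round(keyspace_bits("Pa$sw0rd"), 1), "bits")
    print("22-char phrase:", round(keyspace_bits(phrase), 1), "bits")
```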
Password alternatives?
Password alternatives: Biometrics
There are a LOT of biometric methods: fingerprints, face recognition, eye scans, signature & typing recognition, vein recognition, voice recognition, DNA matching… and even odor-based identification.
Biometrics – advantages
▪ Secure
▪ Nothing to remember
▪ No need to manage or change
Biometrics – disadvantages
▪ Some methods require hardware
▪ Can’t be changed if compromised
▪ Privacy & security issues
▪ Might be disturbed by injuries
▪ User acceptance
Security Experts Recommendations
Security Experts Recommendations
Recommendation #1: “Keep systems and software up to date”
So – encourage your users to update
Encourage your users to update
Takeaways
Drive effective user behavior to increase security:
1. Don’t use security questions or CAPTCHA
2. Display all the password requirements together
3. Allow users to see their passwords
4. Promote using passphrases instead of passwords
5. Consider using biometric identification methods
6. Encourage users to keep their software up-to-date
How Are You
Going To Improve
Your Users’ Security?
References
▪ Google research: 152 Simple Steps to Stay Safe Online: Security Advice for Non-Tech-Savvy Users
▪ Google research: Secrets, Lies, and Account Recovery: Lessons from the Use of Personal Knowledge Questions at Google
▪ Google: Are you a robot? Introducing “No CAPTCHA reCAPTCHA”
▪ Mozilla’s blog: Exploring the Emotions of Security, Privacy and Identity
▪ SogetiLabs Blog: UX & Security, Part 2: Account Registration
▪ I’m not a human: Breaking the Google reCAPTCHA
▪ Michael McIntyre: Comedy Gala

Weitere ähnliche Inhalte

Ähnlich wie Secure the experience, experience security

Cyber Awareness 101 - essentials package for kids
Cyber Awareness 101 - essentials package for kidsCyber Awareness 101 - essentials package for kids
Cyber Awareness 101 - essentials package for kidssumitsiddharth6
 
Awareness Security 123.pptx
Awareness Security 123.pptxAwareness Security 123.pptx
Awareness Security 123.pptxRajuSingh730938
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxBilmyRikas
 
USG_Security_Awareness_Primer (1).pptx
USG_Security_Awareness_Primer (1).pptxUSG_Security_Awareness_Primer (1).pptx
USG_Security_Awareness_Primer (1).pptxssuser59e4b8
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxsumita02
 
Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3DallasHaselhorst
 
Strong authentication for your organization in a cost effective cloud-based...
Strong authentication for  your organization in a cost  effective cloud-based...Strong authentication for  your organization in a cost  effective cloud-based...
Strong authentication for your organization in a cost effective cloud-based...NetwayClub
 
Security For The People: End-User Authentication Security on the Internet by ...
Security For The People: End-User Authentication Security on the Internet by ...Security For The People: End-User Authentication Security on the Internet by ...
Security For The People: End-User Authentication Security on the Internet by ...Duo Security
 
😊 Good Closing Paragraph. What Are The Best Ways To Start A Conclusion .pdf
😊 Good Closing Paragraph. What Are The Best Ways To Start A Conclusion .pdf😊 Good Closing Paragraph. What Are The Best Ways To Start A Conclusion .pdf
😊 Good Closing Paragraph. What Are The Best Ways To Start A Conclusion .pdfAngela Baxter
 
😊 Good Closing Paragraph. What Are The Best Ways To Start A Conclusion .pdf
😊 Good Closing Paragraph. What Are The Best Ways To Start A Conclusion .pdf😊 Good Closing Paragraph. What Are The Best Ways To Start A Conclusion .pdf
😊 Good Closing Paragraph. What Are The Best Ways To Start A Conclusion .pdfBrooke Lord
 
Software craftsmanship and you a strong foundation in your team
Software craftsmanship and you a strong foundation in your teamSoftware craftsmanship and you a strong foundation in your team
Software craftsmanship and you a strong foundation in your teamDattatray Kale
 
Password and Account Management Strategies - April 2019
Password and Account Management Strategies - April 2019Password and Account Management Strategies - April 2019
Password and Account Management Strategies - April 2019Kimberley Dray
 
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...lior mazor
 
Users awarness programme for Online Privacy
Users awarness programme for Online PrivacyUsers awarness programme for Online Privacy
Users awarness programme for Online PrivacyKazi Sarwar Hossain
 
Ethical Hacking Conference 2015- Building Secure Products -a perspective
 Ethical Hacking Conference 2015- Building Secure Products -a perspective Ethical Hacking Conference 2015- Building Secure Products -a perspective
Ethical Hacking Conference 2015- Building Secure Products -a perspectiveDr. Anish Cheriyan (PhD)
 
Cyber security government ppt By Vishwadeep Badgujar
Cyber security government  ppt By Vishwadeep BadgujarCyber security government  ppt By Vishwadeep Badgujar
Cyber security government ppt By Vishwadeep BadgujarVishwadeep Badgujar
 
How to be your Security Team's Best Friend
How to be your Security Team's Best FriendHow to be your Security Team's Best Friend
How to be your Security Team's Best FriendEmilyGladstoneCole
 
The Most Important Thing: How Mozilla Does Security and What You Can Steal
The Most Important Thing: How Mozilla Does Security and What You Can StealThe Most Important Thing: How Mozilla Does Security and What You Can Steal
The Most Important Thing: How Mozilla Does Security and What You Can Stealmozilla.presentations
 

Ähnlich wie Secure the experience, experience security (20)

Cyber Awareness 101 - essentials package for kids
Cyber Awareness 101 - essentials package for kidsCyber Awareness 101 - essentials package for kids
Cyber Awareness 101 - essentials package for kids
 
Awareness Security 123.pptx
Awareness Security 123.pptxAwareness Security 123.pptx
Awareness Security 123.pptx
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptx
 
USG_Security_Awareness_Primer (1).pptx
USG_Security_Awareness_Primer (1).pptxUSG_Security_Awareness_Primer (1).pptx
USG_Security_Awareness_Primer (1).pptx
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptx
 
Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3
 
Strong authentication for your organization in a cost effective cloud-based...
Strong authentication for  your organization in a cost  effective cloud-based...Strong authentication for  your organization in a cost  effective cloud-based...
Strong authentication for your organization in a cost effective cloud-based...
 
Security For The People: End-User Authentication Security on the Internet by ...
Security For The People: End-User Authentication Security on the Internet by ...Security For The People: End-User Authentication Security on the Internet by ...
Security For The People: End-User Authentication Security on the Internet by ...
 
😊 Good Closing Paragraph. What Are The Best Ways To Start A Conclusion .pdf
😊 Good Closing Paragraph. What Are The Best Ways To Start A Conclusion .pdf😊 Good Closing Paragraph. What Are The Best Ways To Start A Conclusion .pdf
😊 Good Closing Paragraph. What Are The Best Ways To Start A Conclusion .pdf
 
😊 Good Closing Paragraph. What Are The Best Ways To Start A Conclusion .pdf
😊 Good Closing Paragraph. What Are The Best Ways To Start A Conclusion .pdf😊 Good Closing Paragraph. What Are The Best Ways To Start A Conclusion .pdf
😊 Good Closing Paragraph. What Are The Best Ways To Start A Conclusion .pdf
 
Software craftsmanship and you a strong foundation in your team
Software craftsmanship and you a strong foundation in your teamSoftware craftsmanship and you a strong foundation in your team
Software craftsmanship and you a strong foundation in your team
 
Password and Account Management Strategies - April 2019
Password and Account Management Strategies - April 2019Password and Account Management Strategies - April 2019
Password and Account Management Strategies - April 2019
 
Masterclass_ Cybersecurity and Data Privacy Basics
Masterclass_ Cybersecurity and Data Privacy BasicsMasterclass_ Cybersecurity and Data Privacy Basics
Masterclass_ Cybersecurity and Data Privacy Basics
 
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
 
Users awarness programme for Online Privacy
Users awarness programme for Online PrivacyUsers awarness programme for Online Privacy
Users awarness programme for Online Privacy
 
Click or Not to Click (Cyber Security Awareness )
Click or Not to Click (Cyber Security Awareness )Click or Not to Click (Cyber Security Awareness )
Click or Not to Click (Cyber Security Awareness )
 
Ethical Hacking Conference 2015- Building Secure Products -a perspective
 Ethical Hacking Conference 2015- Building Secure Products -a perspective Ethical Hacking Conference 2015- Building Secure Products -a perspective
Ethical Hacking Conference 2015- Building Secure Products -a perspective
 
Cyber security government ppt By Vishwadeep Badgujar
Cyber security government  ppt By Vishwadeep BadgujarCyber security government  ppt By Vishwadeep Badgujar
Cyber security government ppt By Vishwadeep Badgujar
 
How to be your Security Team's Best Friend
How to be your Security Team's Best FriendHow to be your Security Team's Best Friend
How to be your Security Team's Best Friend
 
The Most Important Thing: How Mozilla Does Security and What You Can Steal
The Most Important Thing: How Mozilla Does Security and What You Can StealThe Most Important Thing: How Mozilla Does Security and What You Can Steal
The Most Important Thing: How Mozilla Does Security and What You Can Steal
 

Mehr von Ran Liron

Design systems Implementation
Design systems Implementation Design systems Implementation
Design systems Implementation Ran Liron
 
UX @ Agile - Myths, Legends and the path to success
UX @ Agile - Myths, Legends and the path to successUX @ Agile - Myths, Legends and the path to success
UX @ Agile - Myths, Legends and the path to successRan Liron
 
UX - תפיסות שגויות וממשקים שמישים
UX - תפיסות שגויות וממשקים שמישיםUX - תפיסות שגויות וממשקים שמישים
UX - תפיסות שגויות וממשקים שמישיםRan Liron
 
About UX Consistency
About UX Consistency About UX Consistency
About UX Consistency Ran Liron
 
User story driven product development process
User story driven product development processUser story driven product development process
User story driven product development processRan Liron
 
מיצוב תחום חווית המשתמש בארגוני מוצר
מיצוב תחום חווית המשתמש בארגוני מוצרמיצוב תחום חווית המשתמש בארגוני מוצר
מיצוב תחום חווית המשתמש בארגוני מוצרRan Liron
 
Introduction to UX
Introduction to UXIntroduction to UX
Introduction to UXRan Liron
 
UX Innovation
UX Innovation UX Innovation
UX Innovation Ran Liron
 
UX @ agile - myths, legends and the path to success
UX @ agile - myths, legends and the path to successUX @ agile - myths, legends and the path to success
UX @ agile - myths, legends and the path to successRan Liron
 
UX @ NICE enterprise
UX @ NICE enterpriseUX @ NICE enterprise
UX @ NICE enterpriseRan Liron
 
Prototyping for effective UX
Prototyping for effective UXPrototyping for effective UX
Prototyping for effective UXRan Liron
 
Prototyping mistakes (hebrew)
Prototyping mistakes (hebrew)Prototyping mistakes (hebrew)
Prototyping mistakes (hebrew)Ran Liron
 
UX misconceptions
UX misconceptionsUX misconceptions
UX misconceptionsRan Liron
 
ממשק - בדיקות מומחה
ממשק - בדיקות מומחהממשק - בדיקות מומחה
ממשק - בדיקות מומחהRan Liron
 
Prototyping Tools Hebrew
Prototyping Tools HebrewPrototyping Tools Hebrew
Prototyping Tools HebrewRan Liron
 

Mehr von Ran Liron (15)

Design systems Implementation
Design systems Implementation Design systems Implementation
Design systems Implementation
 
UX @ Agile - Myths, Legends and the path to success
UX @ Agile - Myths, Legends and the path to successUX @ Agile - Myths, Legends and the path to success
UX @ Agile - Myths, Legends and the path to success
 
UX - תפיסות שגויות וממשקים שמישים
UX - תפיסות שגויות וממשקים שמישיםUX - תפיסות שגויות וממשקים שמישים
UX - תפיסות שגויות וממשקים שמישים
 
About UX Consistency
About UX Consistency About UX Consistency
About UX Consistency
 
User story driven product development process
User story driven product development processUser story driven product development process
User story driven product development process
 
מיצוב תחום חווית המשתמש בארגוני מוצר
מיצוב תחום חווית המשתמש בארגוני מוצרמיצוב תחום חווית המשתמש בארגוני מוצר
מיצוב תחום חווית המשתמש בארגוני מוצר
 
Introduction to UX
Introduction to UXIntroduction to UX
Introduction to UX
 
UX Innovation
UX Innovation UX Innovation
UX Innovation
 
UX @ agile - myths, legends and the path to success
UX @ agile - myths, legends and the path to successUX @ agile - myths, legends and the path to success
UX @ agile - myths, legends and the path to success
 
UX @ NICE enterprise
UX @ NICE enterpriseUX @ NICE enterprise
UX @ NICE enterprise
 
Prototyping for effective UX
Prototyping for effective UXPrototyping for effective UX
Prototyping for effective UX
 
Prototyping mistakes (hebrew)
Prototyping mistakes (hebrew)Prototyping mistakes (hebrew)
Prototyping mistakes (hebrew)
 
UX misconceptions
UX misconceptionsUX misconceptions
UX misconceptions
 
ממשק - בדיקות מומחה
ממשק - בדיקות מומחהממשק - בדיקות מומחה
ממשק - בדיקות מומחה
 
Prototyping Tools Hebrew
Prototyping Tools HebrewPrototyping Tools Hebrew
Prototyping Tools Hebrew
 

Kürzlich hochgeladen

Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 

Kürzlich hochgeladen (20)

Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 

Secure the experience, experience security

  • 1. Secure the Experience, Experience Security Debunking Cyber-Security Myths Ran Liron
  • 2. Virus, Malware, Spyware, Ransomware, Identity theft, Worms, Trojan horses, Heartbleed, Golden Ticket, Pass-the-Hash… Cyber Security: The Risks 2
  • 3. Ran Liron Head of UX at CYBERARK And also… UX Program Lead @ The Technicon, Continuing Education Division UX Mentor @Google Launchpad Uxing for more then 20 years 3
  • 4. 4 Data (mainly): Resources Regular Joe perspective Michael Mcintyre -
  • 5. So….what do the Security Experts Recommend? 5
  • 6. 231 security experts Where asked: The Result: 152 Security Advice… Security Experts Recommendations “What are the top three pieces of advice you’ll give to a non-techsavvy user”? Google research: 152 Simple Steps to Stay Safe Online: Security Advice for Non-Tech-Savvy Users
  • 7. Password matters Advice #2: “Use unique passwords” Advice #3: “Use strong passwords” Security Experts Recommendations Google research: 152 Simple Steps to Stay Safe Online: Security Advice for Non-Tech-Savvy Users
  • 8.
  • 9. At least: ▪ 8 characters. ▪ 1 lowercase ▪ 1 Uppercase letter. ▪ 1 special character (!@#$%^&*) ▪ 1 number (0–9) Common Password’s requirements 9
  • 10. Common password display method: The problem: - Requiring strange, meaningless yet complex string - The user never sees the password So…. Very hard to remember. Defensive Tools: Password 10 ********
  • 11. So what do users do? 11 They get… creative
  • 13. Keeping it somewhere “safe” 13
  • 14. Keeping it somewhere “safe” 14
  • 15. Keeping it somewhere “safe” 15 Or simply using the same password all over the net… 
  • 18. ▪Only you know your own history ▪ You don’t have to memorize it ▪ Users will answer truthfully If only we were … Security Questions: The Assumptions 18
  • 19. Security Questions: The Experience Michael Mcintyre - Comedy Gala 19
  • 20. only you know your own history? Security Questions: The Reality Nope 20
  • 21. Security Questions: The Reality 37% admitted to providing fake answers, in an attempt to make them "harder to guess" 40% of our English-speaking US users were unable to recall their answers Google research – “Secrets, Lies, and Account Recovery: Lessons from the use of personal knowledge questions at google”
  • 23. Security Questions Are Bad, Bad Practice!
  • 25. CAPTCHA: The Experience (Michael McIntyre, Comedy Gala)
  • 26. Last week, I tried to log in to Microsoft’s App-store…
  • 28. The Experience of Setting a Password
  • 29. Setting a Password: The Experience (Michael McIntyre, Comedy Gala)
  • 30. Setting a password: instructing the user. Form: Set Password: *******, Confirm Password. Error shown after submitting: “Need to include upper-case letter!”
  • 31. Setting a password: instructing the user. Form: Set Password: *******, Confirm Password. Next error shown after submitting again: “Need to include at least 8 characters!”
  • 32. Last week, I tried to log in to Microsoft’s App-store…
  • 33. Don’t torment your users! All of the password requirements should be displayed together.
  • 34. Setting a password: instructing the user. The full criteria list stays visible beside the Set Password / Confirm Password fields, and every mark updates as the user types:
    Password criteria: Start with a letter; Include upper-case letter; Include lower-case letter; Include special character (!@#$...); Include number; At least 8 characters.
    First entry (******* / ********): all six criteria ✘. Nope!
    Next entry: ✘ Start with a letter, ✔ Include upper-case letter, ✔ Include lower-case letter, ✘ Include special character, ✘ Include number, ✔ At least 8 characters.
    Next entry: ✘ Start with a letter, ✔ Include upper-case letter, ✔ Include lower-case letter, ✔ Include special character, ✔ Include number, ✔ At least 8 characters.
    Final entry (************************): all six criteria ✔.
  • 35. If only there was… a way to create passwords that is both secure and easy to remember, and has almost no requirements…
  • 36. There is a way! Try to remember this: ******** Now try this: **********************
  • 37. There is a way! Try to remember this: ******** Now try this: I love my fluffy bunny
  • 38. Why is a passphrase better than a password? Set Password: *********************** Hint text beside the field: “We recommend using a meaningful phrase. You may use any character, including spaces. Minimum 20 characters total. For example: ‘I love my fluffy bunny’.” This is nice and simple.
  • 39. Why is a Passphrase Better Than a Password? Longer = more secure. Easier to remember = more convenient AND more secure.
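The form behaviour from slides 30 to 34 (report one unmet rule at a time versus show the whole checklist at once) and the passphrase rule from slides 38 and 39, as an added example in JavaScript that is not part of the deck. The regular expressions used to express each criterion, the helper names, the sample inputs and the uniform-randomness assumption behind the bit counts are all my own choices, not the talk's.

```javascript
// Added example: password-policy feedback and the passphrase alternative. Not the deck's own code.

// Slide 34 criteria, one label plus one predicate each, so every rule can be evaluated in a single pass.
// The regular expressions are my own reading of the slide; the deck does not define them.
const PASSWORD_CRITERIA = [
  { label: "Start with a letter",                test: (s) => /^[A-Za-z]/.test(s) },
  { label: "Include upper-case letter",          test: (s) => /[A-Z]/.test(s) },
  { label: "Include lower-case letter",          test: (s) => /[a-z]/.test(s) },
  // "special" here means any character that is not a letter, digit or whitespace
  { label: "Include special character (!@#$...)", test: (s) => /[^A-Za-z0-9\s]/.test(s) },
  { label: "Include number",                     test: (s) => /[0-9]/.test(s) },
  { label: "At least 8 characters",              test: (s) => s.length >= 8 },
];

// Slide 38 policy: any character allowed, spaces included; only a minimum total length is enforced.
const PASSPHRASE_MIN_LENGTH = 20;

// Anti-pattern from slides 30-31: stop at the first unmet rule and surface only that one message,
// so the user discovers the rules one round-trip at a time.
function firstFailureOnly(candidate) {
  const failed = PASSWORD_CRITERIA.find((c) => !c.test(candidate));
  return failed ? `Need to: ${failed.label}!` : null;
}

// Recommended pattern from slides 33-34: evaluate every rule and return the complete checklist.
function checkPassword(candidate) {
  return PASSWORD_CRITERIA.map((c) => ({ label: c.label, ok: c.test(candidate) }));
}

// The passphrase policy expressed in the same checklist shape, so the UI can render either one.
function checkPassphrase(candidate) {
  return [{
    label: `At least ${PASSPHRASE_MIN_LENGTH} characters`,
    ok: candidate.length >= PASSPHRASE_MIN_LENGTH,
  }];
}

// Render the checklist the way slide 34 shows it: one line per criterion, all visible at once.
function renderChecklist(results) {
  return results.map((r) => `${r.ok ? "✔" : "✘"} ${r.label}`).join("\n");
}

function isAcceptable(results) {
  return results.every((r) => r.ok);
}

// Slide 39, "longer = more secure": size of the search space in bits for a string of `length`
// symbols drawn uniformly at random from an alphabet of `alphabetSize`. This is an upper bound:
// a natural-language phrase such as "I love my fluffy bunny" is far less random than uniform choice.
function bruteForceBits(alphabetSize, length) {
  return length * Math.log2(alphabetSize);
}

// Demo on constructed inputs (not data from the talk).
for (const candidate of ["Pw123456", "Pw12345!", "I love my fluffy bunny"]) {
  console.log(`\n"${candidate}"`);
  console.log(`one-at-a-time message: ${firstFailureOnly(candidate) ?? "(none)"}`);
  console.log(renderChecklist(checkPassword(candidate)));
  console.log(`passphrase policy: ${renderChecklist(checkPassphrase(candidate))}`);
}
console.log(`\n8 printable-ASCII chars (94 symbols): ${bruteForceBits(94, 8).toFixed(1)} bits`);
console.log(`20 lower-case letters and spaces (27 symbols): ${bruteForceBits(27, 20).toFixed(1)} bits`);
```

The demo shows the two policies disagreeing on the slide's own example: "I love my fluffy bunny" fails the six-rule password policy (no special character, no digit) yet passes the passphrase policy, while "Pw123456" passes everything except the special-character rule, which is exactly the one the one-at-a-time flow would reveal only after a submit. The bit counts back slide 39's "longer = more secure" even with a smaller alphabet (roughly 95 bits for 20 symbols from 27 against roughly 52 bits for 8 symbols from 94), with the caveat that these are upper bounds for uniformly random strings; a memorable phrase is more predictable, so the real gain of the passphrase rule is that users can remember something long without writing it down or reusing it.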
  • 42. There are A LOT of biometric methods: fingerprints, face recognition, eye scans, signature and typing recognition, vein recognition, voice recognition, DNA matching… and even odor-based identification.
  • 43. Biometrics: advantages. ▪ Secure ▪ Nothing to remember ▪ No need to manage or change
  • 44. Biometrics: disadvantages. ▪ Some methods require hardware ▪ Can’t be changed if compromised ▪ Privacy and security issues ▪ Might be disturbed by injuries ▪ User acceptance
  • 46. Security Experts Recommendations. Recommendation #1: “Keep systems and software up to date”. So: encourage your users to update.
  • 47. Encourage your users to update.
  • 49. Takeaways. Drive effective user behavior to increase security:
    1. Don’t use security questions or CAPTCHA
    2. Display all the password requirements together
    3. Allow users to see their passwords
    4. Promote using passphrases instead of passwords
    5. Consider using biometric identification methods
    6. Encourage users to keep their software up-to-date
  • 50. How Are You Going To Improve Your Users’ Security?
  • 51. References
    ▪ Google research:
      ▪ 152 Simple Steps to Stay Safe Online: Security Advice for Non-Tech-Savvy Users
      ▪ Secrets, Lies, and Account Recovery: Lessons from the Use of Personal Knowledge Questions at Google
      ▪ Are you a robot? Introducing “No CAPTCHA reCAPTCHA”
    ▪ Mozilla’s blog: Exploring the Emotions of Security, Privacy and Identity
    ▪ SogetiLabs Blog: UX & Security, Part 2: Account Registration
    ▪ I’m not a human: Breaking the Google reCAPTCHA
    ▪ Michael McIntyre: Comedy Gala